Hello,

There are a few suggestions about the DNS over HTTP draft made off-list, which I will try to characterize here:

* We should expand the motivations to explain why DNS over HTTP makes sense at all.
* We should restrict the protocol to TLS.

I am happy to expand the motivation section, although I am beginning to wonder if it will ever be enough. :)

As for a requirement for TLS... the document currently says that implementers SHOULD use TLS. My own feeling is that this should be enough; apparently the recommendation to require TLS was made in the HTTP/2 working group and rejected, so I am not sure that we need to re-visit the entire discussion around the DNS over HTTP protocol.

https://http2.github.io/faq/#does-http2-require-encryption

Note that I do not have a strong preference here. This is a working group document, so if there is consensus for requiring TLS then that's how it is.

A final oversight that occurred to me is that there should be a privacy section. This is because, since the DNS over HTTP serves as a DNS resolver, all of the privacy considerations of a normal DNS resolver apply, and should be mentioned (probably referencing RFC 7626).

Cheers,

--
Shane
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop